In the Claims

1. (Original) A method for initializing secure communications between a first device
and a second device, said first and second devices each having a public key of a Certificate
Authority and a device certificate, said device certificate having a unique hardware identifier
associated with said respective device, and a public key associated with said respective device,
said method comprising the steps of:

establishing a session between said first device and said second device;

negotiating two-way session encryption and mutual authentication requirements between
said first and said second device;

exchanging device certificates of said first device and said second device;

cryptographically verifying the received certificate using the public key of said
Certificate Authority;

exchanging challenges created by each of said first and second devices;

responding to said respective challenges by signing said received challenge, using the
receiving device's private key, said private keys residing in the respective protected storage
in each said device;

returning said signed challenges;

cryptographically verifying that said received challenge signature is of the challenge
previously sent by said receiving device;

establishing a key agreement between said first and second devices; and,

establishing secure communications if all of said prior verifying steps succeed.
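
The certificate and challenge verification steps of claim 1, as an added example that is not part of the patent text. Textbook RSA without padding over fixed Mersenne primes stands in for a real signature scheme and must not be used as one; `Device`, `issue_cert`, `handshake` and the MAC addresses are constructed names and values, and the key agreement step is left out.

```python
import hashlib, secrets

E = 65537  # public exponent shared by every toy key below

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2^a-1, 2^b-1 (constructed, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(data, n, d):
    return pow(digest(data, n), d, n)
def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def issue_cert(hw_id, dev_n, ca_n, ca_d):  # CA binds hardware identifier to device public key
    return hw_id, dev_n, sign(f"{hw_id}|{dev_n}".encode(), ca_n, ca_d)

class Device:
    def __init__(self, hw_id, primes, ca_n):
        self.hw_id, self.ca_n = hw_id, ca_n       # every device holds the CA public key
        self.n, self._d = keypair(*primes)        # _d stands for the key in protected storage
        self.cert, self.sent = None, None

    def new_challenge(self):
        self.sent = secrets.token_bytes(16)       # fresh random challenge per session
        return self.sent

    def respond(self, challenge):
        return sign(challenge, self.n, self._d)   # sign the challenge received from the peer

    def accept(self, peer_cert, response):
        hw_id, peer_n, ca_sig = peer_cert
        if not verify(f"{hw_id}|{peer_n}".encode(), ca_sig, self.ca_n):
            return False                          # certificate was not issued by the CA
        return verify(self.sent, response, peer_n)  # signature must cover the challenge we sent

def handshake(a, b):
    chal_a, chal_b = a.new_challenge(), b.new_challenge()
    ok_a = a.accept(b.cert, b.respond(chal_a))
    ok_b = b.accept(a.cert, a.respond(chal_b))
    return ok_a and ok_b                          # key agreement proceeds only if True

CA_N, CA_D = keypair(607, 521)                    # constructed CA key
dev1 = Device("00:11:22:33:44:55", (127, 107), CA_N)   # constructed MAC addresses
dev2 = Device("66:77:88:99:AA:BB", (89, 61), CA_N)
for dev in (dev1, dev2):
    dev.cert = issue_cert(dev.hw_id, dev.n, CA_N, CA_D)
```

A response signed over an earlier challenge, or a certificate signed by a key other than the Certificate Authority's, makes `accept` return `False`, so the session never reaches key agreement.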

2. (Original) A method as claimed in claim 1 wherein said first established session is
non-secure.

3. (Original) A method as claimed in claim 1 wherein said first established session is
an authenticated connection.

4. (Original) A method as claimed in claim 1 wherein said first established session is
an encrypted connection.


5. (Original) A method as claimed in claim 1 wherein said unique hardware identifier
is a machine (MAC) address for said associated device.

6. (Original) A method as claimed in claim 1 wherein said protected storage is a write-
only storage with the ability to perform computations involving previously-written data.



7. (Original) A method as claimed in claim 1 wherein said protected storage is read-
write storage wherein the read capacity of said storage is accessible only by means of a shared
secret.

8. (Original) A method as claimed in claim 1 wherein said public key of a Certificate
Authority is a public key of a root Certificate Authority.

9. (Original) A program for initializing secure communications between a first device
and a second device, said first and second devices each having a public key of a Certificate
Authority and a device certificate, said device certificate having a unique hardware identifier
associated with said respective device, and a public key associated with said respective device,
said program code comprising:

computer program code means for establishing a session between said first device and
said second device;

computer program code means for negotiating two-way session encryption and mutual
authentication requirements between said first and said second device;

computer program code means for exchanging device certificates of said first device
and said second device;

computer program code means for cryptographically verifying the received certificate
using the public key of said Certificate Authority;

computer program code means for exchanging challenges created by each of said first
and second devices;

computer program code means for responding to said respective challenges by signing
said received challenge, using the receiving device's private key, said private keys residing
in the respective protected storage in each said device;

computer program code means for returning said signed challenges;

computer program code means for cryptographically verifying that said received
challenge signature is of the challenge previously sent by said receiving device;

computer program code means for establishing a key agreement between said first and
said second devices; and,

computer program code means for establishing secure communications if all of said
prior verifying steps succeed.

10. (Original) A program as claimed in claim 9 wherein said first established session
is non-secure.



PATENT 
Application No. 09/316,805 



Docket No. CR9-99-033 
Page 5 



11. (Original) A program as claimed in claim 9 wherein said first established session
is an authenticated connection.

12. (Original) A program as claimed in claim 9 wherein said first established session
is an encrypted connection.

13. (Original) A program as claimed in claim 9 wherein said unique hardware
identifier is a machine (MAC) address for said associated device.

14. (Original) A program as claimed in claim 9 wherein said protected storage is a
write-only storage with the ability to perform computations involving previously-written data.

15. (Original) A program as claimed in claim 9 wherein said protected storage is read-
write storage wherein the read capacity of said storage is accessible only by means of a shared
secret.

16. (Original) A program as claimed in claim 9 wherein said public key of a Certificate
Authority is a public key of a root Certificate Authority.



17. (Original) A system for initializing secure communications between a first device
and a second device, said first and second devices each having a public key of a Certificate
Authority and a device certificate, said device certificate having a unique hardware identifier
associated with said respective device, and a public key associated with said respective device,
said system comprising:

a communications mechanism for establishing a session between said first device and
said second device, negotiating two-way session encryption and mutual
authentication requirements between said first and said second device, and exchanging device
certificates of said first device and said second device;

a verifier for cryptographically verifying the received certificate using the public key
of said Certificate Authority;

a negotiation mechanism for exchanging challenges created by each of said first and
second devices, responding to said respective challenges by signing said received challenge,
using the receiving device's private key, said private keys residing in the respective protected
storage in each said device, returning said signed challenges,

cryptographically verifying that said received challenge signature is of the challenge
previously sent by said receiving device, establishing a key agreement between said first and
said second devices; and, establishing secure communications if all of said prior verifying
steps succeed.

18. (Original) A system as claimed in claim 17 wherein said first established session
is non-secure.

19. (Original) A system as claimed in claim 17 wherein said first established session
is an authenticated connection.

20. (Original) A system as claimed in claim 17 wherein said first established session
is an encrypted connection.






21. (Original) A system as claimed in claim 17 wherein said unique hardware
identifier is a machine (MAC) address for said associated device.

22. (Original) A system as claimed in claim 17 wherein said protected storage is a
write-only storage with the ability to perform computations involving previously-written data.

23. (Original) A system as claimed in claim 17 wherein said protected storage is read-
write storage wherein the read capacity of said storage is accessible only by means of a shared
secret.

24. (Original) A system as claimed in claim 17 wherein said public key of a Certificate
Authority is a public key of a root Certificate Authority.



